Article 30 of the GDPR requires each controller to keep a record of processing activities for which he is responsible. It is the first element of "accountability" to demonstrate compliance with the GDPR. The processing activities register allows you to record your data processing and to have an overview of what you do with personal data.

The processing activity constitutes the “umbrella” activity which includes all of the purposes pursued within the framework of the activity.

For example, the “recruitment” activity could have two distinct purposes: the analysis of applications and the management of interviews, as well as the creation of a CV-library.

The terms "processing activity" and "processing", often used together, can be understood in a similar way.

Processing is defined in Article 4 of the GDPR by "any operation or any set of operations carried out or not using automated processes and applied to data or sets of personal data".

For example, it is a database, an Excel table, a video surveillance installation, a payment system by bank card or biometric recognition, a smartphone application, etc.

Processing of personal data may or may not be computerized.

Read more